describe_available_patches

SSM.Client.describe_available_patches(**kwargs)

Lists all patches eligible to be included in a patch baseline.

See also: AWS API Documentation

Request Syntax

response = client.describe_available_patches(
    Filters=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
Parameters
  • Filters (list) --

    Each element in the array is a structure containing a key-value pair.

    Windows Server

    Supported keys for Windows Server managed node patches include the following:

    • PATCH_SET Sample values: OS | APPLICATION
    • PRODUCT Sample values: WindowsServer2012 | Office 2010 | MicrosoftDefenderAntivirus
    • PRODUCT_FAMILY Sample values: Windows | Office
    • MSRC_SEVERITY Sample values: ServicePacks | Important | Moderate
    • CLASSIFICATION Sample values: ServicePacks | SecurityUpdates | DefinitionUpdates
    • PATCH_ID Sample values: KB123456 | KB4516046
    Linux

    Warning

    When specifying filters for Linux patches, you must specify a key-pair for PRODUCT . For example, using the Command Line Interface (CLI), the following command fails:

    aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615

    However, the following command succeeds:

    aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615

    Supported keys for Linux managed node patches include the following:

    • PRODUCT Sample values: AmazonLinux2018.03 | AmazonLinux2.0
    • NAME Sample values: kernel-headers | samba-python | php
    • SEVERITY Sample values: Critical | Important | Medium | Low
    • EPOCH Sample values: 0 | 1
    • VERSION Sample values: 78.6.1 | 4.10.16
    • RELEASE Sample values: 9.56.amzn1 | 1.amzn2
    • ARCH Sample values: i686 | x86_64
    • REPOSITORY Sample values: Core | Updates
    • ADVISORY_ID Sample values: ALAS-2018-1058 | ALAS2-2021-1594
    • CVE_ID Sample values: CVE-2018-3615 | CVE-2020-1472
    • BUGZILLA_ID Sample values: 1463241
    • (dict) --

      Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:

      • DescribeAvailablePatches
      • DescribeInstancePatches
      • DescribePatchBaselines
      • DescribePatchGroups
      • Key (string) --

        The key for the filter.

      • Values (list) --

        The value for the filter.

        • (string) --
  • MaxResults (integer) -- The maximum number of patches to return (per page).
  • NextToken (string) -- The token for the next set of items to return. (You received this token from a previous call.)
Return type

dict

Returns

Response Syntax

{
    'Patches': [
        {
            'Id': 'string',
            'ReleaseDate': datetime(2015, 1, 1),
            'Title': 'string',
            'Description': 'string',
            'ContentUrl': 'string',
            'Vendor': 'string',
            'ProductFamily': 'string',
            'Product': 'string',
            'Classification': 'string',
            'MsrcSeverity': 'string',
            'KbNumber': 'string',
            'MsrcNumber': 'string',
            'Language': 'string',
            'AdvisoryIds': [
                'string',
            ],
            'BugzillaIds': [
                'string',
            ],
            'CVEIds': [
                'string',
            ],
            'Name': 'string',
            'Epoch': 123,
            'Version': 'string',
            'Release': 'string',
            'Arch': 'string',
            'Severity': 'string',
            'Repository': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Patches (list) --

      An array of patches. Each entry in the array is a patch structure.

      • (dict) --

        Represents metadata about a patch.

        • Id (string) --

          The ID of the patch. Applies to Windows patches only.

          Note

          This ID isn't the same as the Microsoft Knowledge Base ID.

        • ReleaseDate (datetime) --

          The date the patch was released.

        • Title (string) --

          The title of the patch.

        • Description (string) --

          The description of the patch.

        • ContentUrl (string) --

          The URL where more information can be obtained about the patch.

        • Vendor (string) --

          The name of the vendor providing the patch.

        • ProductFamily (string) --

          The product family the patch is applicable for. For example, Windows or Amazon Linux 2 .

        • Product (string) --

          The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03 .

        • Classification (string) --

          The classification of the patch. For example, SecurityUpdates , Updates , or CriticalUpdates .

        • MsrcSeverity (string) --

          The severity of the patch, such as Critical , Important , or Moderate . Applies to Windows patches only.

        • KbNumber (string) --

          The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.

        • MsrcNumber (string) --

          The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045 . Applies to Windows patches only.

        • Language (string) --

          The language of the patch if it's language-specific.

        • AdvisoryIds (list) --

          The Advisory ID of the patch. For example, RHSA-2020:3779 . Applies to Linux-based managed nodes only.

          • (string) --
        • BugzillaIds (list) --

          The Bugzilla ID of the patch. For example, 1600646 . Applies to Linux-based managed nodes only.

          • (string) --
        • CVEIds (list) --

          The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192 . Applies to Linux-based managed nodes only.

          • (string) --
        • Name (string) --

          The name of the patch. Applies to Linux-based managed nodes only.

        • Epoch (integer) --

          The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch , the epoch value is 20180914-2 . Applies to Linux-based managed nodes only.

        • Version (string) --

          The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64 , the version number is indicated by -1 . Applies to Linux-based managed nodes only.

        • Release (string) --

          The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch , the release is 2.amaz1 . Applies to Linux-based managed nodes only.

        • Arch (string) --

          The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64 , the architecture is indicated by x86_64 . Applies to Linux-based managed nodes only.

        • Severity (string) --

          The severity level of the patch. For example, CRITICAL or MODERATE .

        • Repository (string) --

          The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only.

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Exceptions

  • SSM.Client.exceptions.InternalServerError